diff --git a/letsencrypt/client/standalone_authenticator.py b/letsencrypt/client/standalone_authenticator.py index 9eb6bc392..7723c840d 100644 --- a/letsencrypt/client/standalone_authenticator.py +++ b/letsencrypt/client/standalone_authenticator.py @@ -6,21 +6,23 @@ This authenticator creates its own ephemeral TCP listener on the specified port in order to respond to incoming DVSNI challenges from the certificate authority.""" -from letsencrypt.client.challenge_util import DvsniChall -from letsencrypt.client.challenge_util import dvsni_gen_cert -from letsencrypt.client import CONFIG -from letsencrypt.client import interfaces -import Crypto.Random -import OpenSSL.crypto -import OpenSSL.SSL + import os import signal import socket import sys import time + +import Crypto.Random +import OpenSSL.crypto +import OpenSSL.SSL import zope.component import zope.interface +from letsencrypt.client import challenge_util +from letsencrypt.client import CONFIG +from letsencrypt.client import interfaces + class StandaloneAuthenticator(object): # pylint: disable=too-many-instance-attributes @@ -256,11 +258,12 @@ class StandaloneAuthenticator(object): # TODO: Specify a correct exception subclass. raise Exception(".perform() was called without challenge list") for chall in chall_list: - if isinstance(chall, DvsniChall): + if isinstance(chall, challenge_util.DvsniChall): # We will attempt to do it name, r_b64 = chall.domain, chall.r_b64 nonce, key = chall.nonce, chall.key - cert, s_b64 = dvsni_gen_cert(name, r_b64, nonce, key) + cert, s_b64 = challenge_util.dvsni_gen_cert( + name, r_b64, nonce, key) self.tasks[nonce + CONFIG.INVALID_EXT] = cert results_if_success.append({"type": "dvsni", "s": s_b64}) results_if_failure.append(None) 
@@ -292,7 +295,7 @@ class StandaloneAuthenticator(object): """ # Remove this from pending tasks list for chall in chall_list: - assert isinstance(chall, DvsniChall) + assert isinstance(chall, challenge_util.DvsniChall) nonce = chall.nonce if nonce + CONFIG.INVALID_EXT in self.tasks: del self.tasks[nonce + CONFIG.INVALID_EXT] diff --git a/letsencrypt/client/tests/standalone_authenticator_test.py b/letsencrypt/client/tests/standalone_authenticator_test.py index a8705d3cc..9a035a3da 100644 --- a/letsencrypt/client/tests/standalone_authenticator_test.py +++ b/letsencrypt/client/tests/standalone_authenticator_test.py @@ -4,17 +4,17 @@ import mock import unittest -from letsencrypt.client.challenge_util import DvsniChall -from letsencrypt.client.challenge_util import dvsni_gen_cert -from letsencrypt.client import le_util -from OpenSSL.crypto import FILETYPE_PEM -import OpenSSL.crypto -import OpenSSL.SSL import os import pkg_resources import signal import socket +import OpenSSL.crypto +import OpenSSL.SSL + +from letsencrypt.client import challenge_util +from letsencrypt.client import le_util + # Classes based on to allow interrupting infinite loop under test # after one iteration, based on. @@ -67,8 +67,9 @@ class SNICallbackTest(unittest.TestCase): test_key = pkg_resources.resource_string( __name__, 'testdata/rsa256_key.pem') nonce, key = "abcdef", le_util.Key("foo", test_key) - self.cert = dvsni_gen_cert(name, r_b64, nonce, key)[0] - private_key = OpenSSL.crypto.load_privatekey(FILETYPE_PEM, key.pem) + self.cert = challenge_util.dvsni_gen_cert(name, r_b64, nonce, key)[0] + private_key = OpenSSL.crypto.load_privatekey( + OpenSSL.crypto.FILETYPE_PEM, key.pem) self.authenticator.private_key = private_key self.authenticator.tasks = {"abcdef.acme.invalid": self.cert} self.authenticator.child_pid = 12345 
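Review bot: In the cleanup() hunk of standalone_authenticator.py (`@@ -292,7 +295,7 @@`), the changed line still validates the challenge type with `assert isinstance(chall, challenge_util.DvsniChall)`. Python drops `assert` statements under `-O`, so in an optimized run a non-DVSNI item in chall_list would go straight to `chall.nonce` and the `self.tasks` lookup instead of being rejected. An explicit check would survive optimization: `if not isinstance(chall, challenge_util.DvsniChall): raise ValueError("cleanup() called with a non-DVSNI challenge")`. test_bad_cleanup suggests cleanup() already reports bad input as ValueError, though that path is not visible in this hunk; a test passing a non-DvsniChall object to cleanup() would pin the behaviour. The body of cleanup() starts and ends outside the hunk.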
@@ -190,8 +191,10 @@ class PerformTest(unittest.TestCase): test_key = pkg_resources.resource_string( __name__, 'testdata/rsa256_key.pem') key = le_util.Key("something", test_key) - chall1 = DvsniChall("foo.example.com", "whee", "foononce", key) - chall2 = DvsniChall("bar.example.com", "whee", "barnonce", key) + chall1 = challenge_util.DvsniChall( + "foo.example.com", "whee", "foononce", key) + chall2 = challenge_util.DvsniChall( + "bar.example.com", "whee", "barnonce", key) bad_chall = ("This", "Represents", "A Non-DVSNI", "Challenge") self.authenticator.start_listener = mock.Mock() self.authenticator.start_listener.return_value = True @@ -215,8 +218,10 @@ class PerformTest(unittest.TestCase): test_key = pkg_resources.resource_string( __name__, 'testdata/rsa256_key.pem') key = le_util.Key("something", test_key) - chall1 = DvsniChall("foo.example.com", "whee", "foononce", key) - chall2 = DvsniChall("bar.example.com", "whee", "barnonce", key) + chall1 = challenge_util.DvsniChall( + "foo.example.com", "whee", "foononce", key) + chall2 = challenge_util.DvsniChall( + "bar.example.com", "whee", "barnonce", key) bad_chall = ("This", "Represents", "A Non-DVSNI", "Challenge") self.authenticator.start_listener = mock.Mock() self.authenticator.start_listener.return_value = False @@ -233,12 +238,12 @@ class PerformTest(unittest.TestCase): def test_perform_with_pending_tasks(self): self.authenticator.tasks = {"foononce.acme.invalid": "cert_data"} - extra_challenge = DvsniChall("a", "b", "c", "d") + extra_challenge = challenge_util.DvsniChall("a", "b", "c", "d") self.assertRaises( Exception, self.authenticator.perform, [extra_challenge]) def test_perform_without_challenge_list(self): - extra_challenge = DvsniChall("a", "b", "c", "d") + extra_challenge = challenge_util.DvsniChall("a", "b", "c", "d") # This is wrong because a challenge must be specified. self.assertRaises(Exception, self.authenticator.perform, []) # This is wrong because it must be a list, not a bare challenge. 
@@ -345,8 +350,9 @@ class DoChildProcessTest(unittest.TestCase): __name__, 'testdata/rsa256_key.pem') nonce, key = "abcdef", le_util.Key("foo", test_key) self.key = key - self.cert = dvsni_gen_cert(name, r_b64, nonce, key)[0] - private_key = OpenSSL.crypto.load_privatekey(FILETYPE_PEM, key.pem) + self.cert = challenge_util.dvsni_gen_cert(name, r_b64, nonce, key)[0] + private_key = OpenSSL.crypto.load_privatekey( + OpenSSL.crypto.FILETYPE_PEM, key.pem) self.authenticator.private_key = private_key self.authenticator.tasks = {"abcdef.acme.invalid": self.cert} self.authenticator.parent_pid = 12345 @@ -439,13 +445,15 @@ class CleanupTest(unittest.TestCase): def test_cleanup(self, mock_sleep, mock_kill): mock_sleep.return_value = None mock_kill.return_value = None - chall = DvsniChall("foo.example.com", "whee", "foononce", "key") + chall = challenge_util.DvsniChall( + "foo.example.com", "whee", "foononce", "key") self.authenticator.cleanup([chall]) mock_kill.assert_called_once_with(12345, signal.SIGINT) mock_sleep.assert_called_once_with(1) def test_bad_cleanup(self): - chall = DvsniChall("bad.example.com", "whee", "badnonce", "key") + chall = challenge_util.DvsniChall( + "bad.example.com", "whee", "badnonce", "key") self.assertRaises(ValueError, self.authenticator.cleanup, [chall])